socgholish | 12c99350644cb80d4764a086848a98c65e19eb490427b1af8b5158fe310d5eb9

Analysis

max time kernel
120s
max time network
146s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-02-2025 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_8060df36514d30eb1b2c9d7658996734.html
Size

127KB
MD5

8060df36514d30eb1b2c9d7658996734
SHA1

852be9e4a7962172c29600310804a78ce8308576
SHA256

12c99350644cb80d4764a086848a98c65e19eb490427b1af8b5158fe310d5eb9
SHA512

2d9f6cf18e1069bf179f7c21046883ed618300fe3fc97a67b7caccfad8d1259e4ad2a7ed75834921b3ecfcf7abeb29e6485d3d39225991855e09d3bd3affb680
SSDEEP

1536:fkJECCHEOnqCaJnTD9BVZfF6QmQRVK6f5w4w+iS:fA6EaqCaJnPVZft

Score

10^/10

socgholish discovery downloader

Malware Config

Signatures

SocGholish
SocGholish is a JavaScript payload that downloads other malware.
downloader socgholish
Socgholish family
socgholish

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{46A680A1-E1A1-11EF-9303-EAF933E40231} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444688695"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1804	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1804	iexplore.exe
1804	iexplore.exe
2104	IEXPLORE.EXE
2104	IEXPLORE.EXE
2104	IEXPLORE.EXE
2104	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 2104	1804	iexplore.exe	30
PID 1804 wrote to memory of 2104	1804	iexplore.exe	30
PID 1804 wrote to memory of 2104	1804	iexplore.exe	30
PID 1804 wrote to memory of 2104	1804	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8060df36514d30eb1b2c9d7658996734.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1804 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
4a8b328a60d94a0b090e1aba489e022d

SHA1
d8849f1418f11659fdf4979a59757793c95daafd

SHA256
0930a6a570c280f5b6721718f326808e0bfd543f40ed5d4315a46229d78ca9ee

SHA512
4fa6956bca20273dd175c74100d0ea9622fa831ae4d2dd56e19dd7ff2658647ca44e642cf448e68f97419545e1454a0405524e8234581f4355886d57f052a641

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6939491cd80f17d3c3467e3d231f47b2

SHA1
ac2af43199a5ec90003fa1769916c21b3b2a51f7

SHA256
c2eb521d9c7d45d0b4e279fe52deba94e5176d953ee68f18cae3ef01015b0219

SHA512
7652f566aff24e40605fac51192c49eec20a9930b9bb46f76f5ab17ffadc71e9641e3a6dfd7fbdc644abf4842ba5e66f5b61e35d7d427cf083b7d7e8fb7f1dbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65313f4b7e1de530d37cc43ed3957370

SHA1
b00bd840ccf775e65e69d84a5afeea7b60a487dc

SHA256
713e76d6250e3b89e556fa42a1ff976a2def4f6121ea72235dbfe6ced97038c5

SHA512
6fc6ca0ff953d7de9d85a176ebf0f5885f83d41a6c86c2d09e9b4060561fd6adb3ce5c5a57cab77511e763ffcd30f852658c9c3664b12493daded7bd77af5176

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6682c1242d256d19ce2376e2e9df9e2

SHA1
74fa1efc58f46297c3c061c7b3e56154e35a6b84

SHA256
66c622ff459b7a27b538fb37d42efcc4d9083b75f3c82ddc49551c29e83165d4

SHA512
303daa60276b7a36afc3a38e096f76683a201019ab0fa2fbcc5faefcadec3e8422cecc27d222d69b9e80a221d70159f3cd93b595296a5b83187810dce36783ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
037db9c8f538407a6d302ae03e3e1a36

SHA1
5a2b1fa5c6c4c8c75cf5779e0a1d4bf5103d2536

SHA256
c979571d5f95f3ee1e9e4367c183685ed7cdc78a52f71ce59c9f9fe05b364d8b

SHA512
06e02517c5adadce5456207d0a1cfb544ab591769713a2ec598db9f6cd80fafcb9cca5ecdb636754cc3d91667812642d3bd2e1fd4ef28f75710127164433f556

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38b549ae0d7421700529f2c123d376c3

SHA1
1449b63c9124e6421c811c476c075b112ca586d7

SHA256
97073aaabe23f188b4f89260781df1faa52510d34af0b4b475f8a6dafb45f0a9

SHA512
ca2901e3c3ff11041be30b850070c1dfbb48ce1965f27ffeac29cea34047a7ac825172b97ab2c5b29bba3779ccf940c3aa6f090ab0723ecdb047c01ba520b7a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a9f62e5344f8d3188ca19aa60fcab26

SHA1
7bdfce04ca7c09c33011c9f83bf29bf979da2d01

SHA256
1a1eb8ee0364484579d15082db323040dadb25f881d966496f1c4bcff5ef4a89

SHA512
8cd7fe421c88b460a031697816c43bdd723e490004aa675d4b36068b160b02bc0db709c4e2ed495847f0ea8769dc625b73dac60e477ec93dcb8796bbe0e7a2f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
efc980eee3bec7f5efcbfd1f6bdb378e

SHA1
289db24ea24005f99808feb83f344f0734842dcb

SHA256
80c5a9ea1b6314e650a047f4a3a886d7811c6c122b2e7a3aa77121f4bfe235a6

SHA512
f945ccc7c78d69c2c2ead265973f00c7d47e227b0d457468d425ee60ee99815171797a2644e2a662e91c6d3fc5531061844bc95ef25e26345d01a30d183212ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98b25fbe2617e179e43aa992b5ea4bd2

SHA1
86c61065c7d3b59861d5b4839f4363cc30d43413

SHA256
4ebacf79152be3804fbc66f5640a93a046a8d148db4e3316e074b81741e6b564

SHA512
2b6f49c8053926e04a4ef5e2b455e906c652b68d046aaef21fcd0cb02503cf3e413b25a2f7d95059fe168256e318c86560f25034dcf88b188db0f5312daf48ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66ce6ee94c5a67403706257adcf7e7a9

SHA1
9d190fa1e67c6cb6bece4f2b13de0f8ba9347eb6

SHA256
ad221ce5db9ae2cc4655d5493c2e47623290b6c0a61ba6bddfb4ac673a817f5b

SHA512
83f0d1c37d48bbd3f4c93a727349d931070262f620d3550e5b517c43118e46a39765bfe02c0f1ce2b8e6d893fd1f359649dfd3475a4018b0bae4b7d6554a6d3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
663e1a1273e561262bc0e7907f087d2b

SHA1
2fa14f5f045798e9e3f7db1de29b73290d111d4a

SHA256
c23be6f5500daf339b0c89272a7685580f3d1fe10bdef72d99bf286d30c69489

SHA512
2bd88b14d65f887d441be9d6e54c159dc12b8f683fa206fa635578a953e2c43a5010dab09a538ec4298988443599b8e5064ab8e9ee6fd1f7a702baedfaf1fa50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba668b7a5467abe4d735e099051319aa

SHA1
6cbb4f81c19766e9170f1166110a36f15601f656

SHA256
70d2446b9467b22bc120de537539918708ca350eafdd7f4ecf66d1aefa1db85a

SHA512
63df7ab171f2ec37dc6a417ff764c6d9dbe5c0d4a0ce187b75b53d080f0e43d903be3be34d106a0b4caf0aff2538d8547815ff537c4592634bcf36e54e2f3663

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1771318ff678b5da33ca7832b3fefc30

SHA1
244b0c106b75351af4ffa26989046affcecca024

SHA256
4303726d77911ef05d8f8e283db5ce0821711a3737be44d670389d711585b0c9

SHA512
fa83baad389177a5402e2162eca14fa79c0a674084dc16decf301dd039e47de521fbf7f9fa2be8364143b5d4ec5581ea81378abb8056387a904a2385658e7c34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ed12c40a67056f46b8895b78e03a5c4

SHA1
6b952c054ee4ed93947d7a8729b747d2b9385186

SHA256
b7c610488d2d103bec22e857da12695638f2b5805a9c188cdc04dcc4583a34a6

SHA512
e7ea8badd0e2511155c00706f696e3be1f5f3e488a951e3361e33f3a712b414b4a9bc6072f7e60bbb3b8c440c5256fb457d8fd2f82e6cd5556f1614fd48d1b7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
444c9371d40b123b4e1b371d7395aed2

SHA1
046916b4443f7a88873478c62beaa66b6a8a9d27

SHA256
bfbfafc41cd552958a007b37c6317fd3ad4fe598d8f693f68d801440492129ed

SHA512
28f8b26be0f5d871fd9ee04afa14c4a42e03e5e28451e55cf3748894c6b35ecbe797aee0a30136b6b1f1fcc358b126123c4a7aa00daf8e5a15ca332fec3d3943

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0badc35e536c796d03511a8039752f24

SHA1
9daf6daebed92242890b7301482632186d4b045b

SHA256
3c5b738342ad12de6e54f287fbbe5ac537b4b2eb9eee09c55b58491a01a7dec2

SHA512
50d5477319af6b517f265f2b69848ab2bc3ba31fa7ed03bfd259937198dcd03f0b741bdb1d872f0e6731df741e436ef3475a119d892efb76982f2a923ff20c41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

Filesize
396B

MD5
436b3242974c15f8798522b8e6910423

SHA1
c5d486387c42214c6b29d5f21916ab29fc080daa

SHA256
a49eaa1741aa315d8393606bd2a945d472964ab666064b1fb9c1dbd5b0a596fb

SHA512
2eb330e3bc7402d6cbee7b8e999f803451cdf329b1452d1427bfa54c87e2fa5ee8d156bf8e61d4bd43f082ca23ab1247fb5103197505cae1cbd8124201c05b9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
dd72e1e4c1a983538f34b96f1c1f7484

SHA1
ef61c4e8403bdcbfb5144c4fc02f962c87726346

SHA256
31a6ec720e8d984a8df2109da6e232ec15d6f4b0634ec3e23a040a460d0db238

SHA512
679ca90a50500ff1858655f17877586842b4d5ee4749747084cc284ed4bf054ec6d899957729fbd978e9ac221c0a711349558158888f72fa78ba98db45b4fd0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\f[1].txt

Filesize
43KB

MD5
f9c4e0fc7c90121b5e082281cc04e4b3

SHA1
b3c1994bfcc29222ffe1055a32d8e8df3aeaf08a

SHA256
c86d858fb98223be60e9d8589e8742a370a302a20d4d1470cec76805337d215e

SHA512
e56f9d2e2c9c419558e513a188edbb2583e974042abe4d7df74db69548a044b1032e586eb5fe2fa4f9e99839b9431422f05c833446009075921646b4e55d1697

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC286.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC2A8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit